class <%= controller_class_name %>Controller < ApplicationController
  # This is required for edge rails
  protect_from_forgery :except => [:request_token, :access_token] if respond_to? :protect_from_forgery

  # TODO:
  # before_filter :require_login, :only => [:authorize]
  # def require_login
  #   unless session[:user_id]
  #     current_url = url_for params.merge(:path_only => false)
  #     redirect_to :controller => "users", :action => "login", :id => "new", :return_to => current_url
  #     false
  #   end
  # end
  
  # Step #1
  # First, OAuth consumer site connects here directly to get a request token pair
  # 
  # POST
  def request_token
    <%= singular_name %>_instance = <%= class_name %>.find_or_build_instance(self)
    <%= singular_name %>_instance.attributes = {
      :request_token => rand(2**64),
      :request_secret => rand(2**128),
    }
    <%= singular_name %>_instance.save!
    render :text => <%= singular_name %>_instance.request_token_response
  rescue
    logger.error $!
    logger.error $!.backtrace.join("\n")
    render :text => "Fail: #{$!} #{params.to_yaml}"
  end

  # Step #2
  # First, OAuth consumer site redirects end-user here (carrying the request token pair, see #1)
  # End-user is asked for authorization, display YES/NO prompt
  # 
  # This request carries no OAuth params other than "oauth_token"
  # 
  def authorize
    @<%= singular_name %>_instance = <%= class_name %>Instance.find_by_request_token_and_access_token(params[:oauth_token], nil)
    raise "Invalid token" unless @<%= singular_name %>_instance
    
    # 
    # TODO: 1. End user should've logged in before he is allowed to reach here
    #       2. Associate @<%= singular_name %>_instance with the logged in user
    # e.g.    
    # @<%= singular_name %>_instance.oauth_user = User.find(session[:user_id])
    # 

    @<%= singular_name %>_instance.update_attributes!({
      :access_token => rand(2**64),   # not part of OAuth flow, we're using this field
      :access_secret => rand(2**128), # to confirm user has accepted
    })
    @<%= singular_name %> = @<%= singular_name %>_instance.<%= singular_name %>
  rescue
    logger.error $!
    logger.error $!.backtrace.join("\n")
    render :text => "Fail: #{$!} #{params.to_yaml}"
  end

  # Step #3
  # End user has given his authorization, we will update our records before 
  # redirecting end user back to the OAuth consumer site
  # 
  # This request carries no OAuth params other than "oauth_token"
  # 
  def authorize_allow
    @<%= singular_name %>_instance = <%= class_name %>Instance.find_by_request_token_and_access_token(params[:oauth_token], params[:access_token])
    raise "Invalid token" unless @<%= singular_name %>_instance
    @<%= singular_name %>_instance.update_attributes!({
      :access_token => params[:oauth_token],
    })
    logger.debug "Authorized: " + @<%= singular_name %>_instance.to_yaml
    <%= singular_name %> = @<%= singular_name %>_instance.<%= singular_name %>
    redirect_to(<%= singular_name %>.callback_url + "?" + "token=" + CGI.escape(params[:oauth_token]))
  rescue
    logger.error $!
    logger.error $!.backtrace.join("\n")
    render :text => "Fail: #{$!} #{params.to_yaml}"
  end
  
  # Step #4. 
  # Upon callback, OAuth consumer site connects here directly to exchange
  # the request_token for access_token. Access token is used for all 
  # subsequent API calls done on behalf of this end user.
  # 
  # POST 
  def access_token
    <%= singular_name %>_instance = <%= class_name %>.find_or_build_instance(self)
    <%= singular_name %>_instance.update_attributes!({
      :request_token => nil,
      :request_secret => nil,
    })
    render :text => <%= singular_name %>_instance.access_token_response
  rescue
    logger.error [params, @<%= singular_name %>_consumer, $!.backtrace].to_yaml
    render :text => "#{$!}"
  end
  
  
  
  
  # GET /<%= table_name %>
  # GET /<%= table_name %>.xml
  def index
    @<%= table_name %> = <%= class_name %>.find(:all)

    respond_to do |format|
      format.html # index.rhtml
      format.xml  { render :xml => @<%= table_name %>.to_xml }
    end
  end

  # GET /<%= table_name %>/1
  # GET /<%= table_name %>/1.xml
  def show
    @<%= file_name %> = <%= class_name %>.find(params[:id])

    respond_to do |format|
      format.html # show.rhtml
      format.xml  { render :xml => @<%= file_name %>.to_xml }
    end
  end

  # GET /<%= table_name %>/new
  def new
    @<%= file_name %> = <%= class_name %>.new
  end

  # GET /<%= table_name %>/1;edit
  def edit
    @<%= file_name %> = <%= class_name %>.find(params[:id])
  end

  # POST /<%= table_name %>
  # POST /<%= table_name %>.xml
  def create
    @<%= file_name %> = <%= class_name %>.new(params[:<%= file_name %>])

    respond_to do |format|
      if @<%= file_name %>.save
        flash[:notice] = '<%= class_name %> was successfully created.'
        format.html { redirect_to <%= file_name %>_url(@<%= file_name %>) }
        format.xml  { head :created, :location => <%= file_name %>_url(@<%= file_name %>) }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @<%= file_name %>.errors.to_xml }
      end
    end
  end

  # PUT /<%= table_name %>/1
  # PUT /<%= table_name %>/1.xml
  def update
    @<%= file_name %> = <%= class_name %>.find(params[:id])

    respond_to do |format|
      if @<%= file_name %>.update_attributes(params[:<%= file_name %>])
        flash[:notice] = '<%= class_name %> was successfully updated.'
        format.html { redirect_to <%= file_name %>_url(@<%= file_name %>) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @<%= file_name %>.errors.to_xml }
      end
    end
  end

  # DELETE /<%= table_name %>/1
  # DELETE /<%= table_name %>/1.xml
  def destroy
    @<%= file_name %> = <%= class_name %>.find(params[:id])
    @<%= file_name %>.destroy

    respond_to do |format|
      format.html { redirect_to <%= table_name %>_url }
      format.xml  { head :ok }
    end
  end
end
